Re: riak search java client - sql injection

2015-03-23 Thread Jason W
Thanks. Looks like it is in the Solr ClientUtils.java class. Now need to decide whether to import solr into client code or dup the function.

Jason

On Mon, Mar 23, 2015 at 2:59 PM, Alexander Sicular wrote:
> I'll second what Chris said. Afaik, Solr does not solve this problem for you. Riak w

Re: riak search java client - sql injection

2015-03-23 Thread Alexander Sicular
I'll second what Chris said. Afaik, Solr does not solve this problem for you. Riak won't either. I just googled for "sanitize solr query inputs in java" and there are quite a few hits. I'd use that as a starting point but I'm a bit surprised there isn't a lib somewhere that makes this a non prob

Re: riak search java client - sql injection

2015-03-23 Thread Jason W
Thanks Chris. I meant the query injection. Was really looking for an api that takes parametrized query in riak java client, do you know whether solr provides that? It would not be an easy task to do a 100% secure sanitize function, the above query is really just a simple use case.

Jason

On Mon,

Re: riak search java client - sql injection

2015-03-23 Thread Christopher Meiklejohn
> On Mar 22, 2015, at 7:03 PM, Jason W wrote:
>
> Hello,
>
> I try to use the riak search java client, specifically the Search.Builder class, like the following
>
> Search search = new Search.Builder("test", "_yz_rb:accounts AND email:" + [user-email]).
>
> "[user-email]" is what

riak search java client - sql injection

2015-03-22 Thread Jason W
Hello,

I try to use the riak search java client, specifically the Search.Builder class, like the following

Search search = new Search.Builder("test", "_yz_rb:accounts AND email:" + [user-email]).

"[user-email]" is what user entered in the login form, my question is about sql injection, it seem